Login with Link (auth back-end only)

For now, all responsibilty for anything breaking should be directed to m@rkmoriarty.com.

Questions?

• If you work at Stripe: Ask questions on #login-with-link.

• Otherwise, email markmoriarty+loginwithlink@stripe.com 👋

Sunday 5/22: These docs will describe how to use this via API only.

You will bring your own session management library (e.g., authjs.dev, as used on shop.markmoriarty.com)

The main steps are quite simple:

1. /lookup Collect a user's email for login or signup: Look up this email to see if the email exists on the Link network. We will send you a client_secret in our response.

(If the user does NOT exist on Link: invite them to sign up for Link. Otherwise, continue with the below.)

• /start_verification If the user does exist on Stripe: ask Stripe to send them the SMS verification code.

1. /authenticate Collect the 6-digit code from the user using a form of your own design. Submit this to Stripe, along with the `client_secret` we sent you in step 1.

Click "next" to view instructions to use API only: https://docs.loginwithlink.com/use-api-only/about-this-option-api-only

In a few days(?): Plausibly I could spin up a basic OIDC provider

Redirect from your site to a Stripe-hosted "Login with Link/Stripe" page, just like you'd do for "Log in with Twitter" or "Log in with GitHub".

Wish: rally >1 other Stripes to have other session-management front-ends (ideally not also using next-auth.js), using this new (minimal) OIDC provider. This should help demonstrate (to less technical folks) how to separate "Login with Link" (as just OIDC) from "session management" (using libraries like next-auth, firebase, supabase, etc.)

Based on today's research, it seems quite doable. Stripe out the front-end pages like /users, and do a redirect instead of log in action, so developer can B.Y.O. session management library: read more.